[英]Exception : javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
public HttpClientVM() {
BasicHttpParams params = new BasicHttpParams();
ConnManagerParams.setMaxTotalConnections(params, 10);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setUseExpectContinue(params, false);
HttpConnectionParams.setStaleCheckingEnabled(params, true);
HttpConnectionParams.setConnectionTimeout(params, 30000);
HostnameVerifier hostnameVerifier=
org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("http",socketFactory, 80));
schemeRegistry.register(new Scheme("https",socketFactory, 443));
ThreadSafeClientConnManager manager = new ThreadSafeClientConnManager(params, schemeRegistry);
// Set verifier
client = new DefaultHttpClient(manager, params);
}
问题:
执行client.accessURL(url)时,出现如下错误:
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:495)
at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:62)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
附加信息:
过期的证书是我们的“javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”的原因。
keytool -list -v -keystore filetruststore.ts
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: somealias
Creation date: Jul 26, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Unknown, OU=SomeOU, O="Some Company, Inc.", L=SomeCity, ST=GA, C=US
Issuer: CN=Unknown, OU=SomeOU, O=Some Company, Inc.", L=SomeCity, ST=GA, C=US
Serial number: 5011a47b
Valid from: Thu Jul 26 16:11:39 EDT 2012 until: Wed Oct 24 16:11:39 EDT 2012
此错误是因为您的服务器没有有效的 SSL 证书。 因此我们需要告诉客户端使用不同的 TrustManager。 这是一个示例代码:
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = base.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
client = new DefaultHttpClient(ccm, base.getParams());
如果您的服务器基于 JDK 7,而您的客户端在 JDK 6 上并使用 SSL 证书,则会出现此异常。 在 JDK 7 中 sslv2hello 消息握手默认是禁用的,而在 JDK 6 中 sslv2hello 消息握手是启用的。 因此,当您的客户端尝试连接服务器时,将向服务器发送 sslv2hello 消息,并且由于 sslv2hello 消息禁用,您将收到此异常。 要解决此问题,您必须将客户端移至 JDK 7,或者必须使用 6u91 版本的 JDK。 但是要获得此版本的 JDK,您必须获得 MOS(My Oracle Support)企业支持。 这个补丁不是公开的。
如果客户端指定“https”但服务器仅运行“http”,则您可以获得此信息。 因此,服务器不希望建立安全连接。
如果您尝试通过 HTTPS 连接并且服务器未配置为正确处理 SSL 连接,也会发生这种情况。
我会检查您的应用程序服务器 SSL 设置并确保证书配置正确。
就我而言,我使用的是 JDK 8 客户端,而服务器使用的是不安全的旧密码。 服务器是 Apache,我将此行添加到 Apache 配置中:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
您应该使用这样的工具来验证您的 SSL 配置当前是否安全: https : //www.ssllabs.com/ssltest/analyze.html
在我的例子中,服务器在 Docker 上运行(使用基础镜像采用 passopenjdk/openjdk11:alpine),问题是 TLS 协议级别错误(感谢以下页面提供解释: https : //jfrog.com/knowledge- base/how-to-resolve-the-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated-error-when-using-java-11/ )。
解决方案最终是使用以下 java 标志运行客户端:
-Djdk.tls.client.protocols=TLSv1.2
当您的 keystore.jks 文件中缺少验证码证书时,我们使用 VPN 时会遇到同样的问题。
检查您的服务器密钥库是否具有验证码证书,为此请使用以下命令。 Go 到您的 keystore.jks 位置并点击usr/java/jdk1.7.0_91/bin/keytool -list -v -keystore keystore.jks它将列出您在其中拥有的所有证书,其中: usr/java/jdk1.7.0_91/bin/keytool是 java keytool 的位置,如果您不确定服务器上的 java 路径,可以使用which java命令。
如果它不存在,那么您必须下载验证码证书并将其安装到密钥库,按照以下步骤进行操作:
一种。 打开: https://www.google.com/recaptcha/api/siteverify点击secure图标,点击certificate is valid
b. 点击连接是安全的
c。之后单击详细信息并将证书导出为.crt
d. 将 this.crt 文件复制到您的服务器上。
Go to the location of keystore.jks :
Run this command :
/usr/java/jdk1.7.0_91/bin/keytool -import -alias googlecaptcha -keystore "/location/to/the/keystore.jks" -file "/location/to/crtfile/where/you/have/keep/ /on/server/googlecaptcha.crt"
注意:我已将www.google.com.crt重命名为 googlecaptcha.crt,同时更改位置参数。
安装证书后,您可以使用列表命令(在步骤 1 中给出)来验证它。
这是完成上述过程后的代码片段:
try {
URL url = new URL(googleURL);
if(proxy!=null){
conn = (HttpURLConnection)url.openConnection(proxy);
}else{
conn = (HttpURLConnection)url.openConnection();
}
conn.setRequestMethod("POST");
conn.setRequestProperty("Accept", "application/json");
InputStreamReader in = new InputStreamReader(conn.getInputStream());
BufferedReader br = new BufferedReader(in);
StringBuilder sb = new StringBuilder();
String output;
while ((output = br.readLine()) != null) {
System.out.println(output);
sb.append(output);
}
String responseNew = sb.toString();
responseObject = (ImplValidateCaptchaGoogleResponse)this.mapper.readValue(responseNew, ImplValidateCaptchaGoogleResponse.class);
} catch (Exception e) {
LOGGER.debug("ERROR_OCCURED ::"+e.getMessage() );
e.printStackTrace();
}
}
如果您处于开发模式且证书无效,为什么不设置weClient.setUseInsecureSSL(true) 。 为我工作
Apache HttpClient错误:javax.net.ssl.SSLPeerUnverifiedException:对等方未通过身份验证
[英]Apache HttpClient Error: javax.net.ssl.SSLPeerUnverifiedException: Peer Not Authenticated
Java 8 javax.net.ssl.SSLPeerUnverifiedException:peer未经过身份验证,但不是Java 7
[英]Java 8 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated, but not Java 7
javax.net.ssl.SSLPeerUnverifiedException:未在Tomcat中使用Apache HttpClient对等体进行身份验证
[英]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated in Tomcat with Apache HttpClient
javax.net.ssl.SSLPeerUnverifiedException:在netbeans中未对等身份验证
[英]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated in netbeans
JDK 11. javax.net.ssl.SSLPeerUnverifiedException:对等方未通过身份验证
[英]JDK 11. javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Java - javax.net.ssl.SSLPeerUnverifiedException:peer未经过身份验证
[英]Java - javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException:仅在生产服务器上未对等身份验证
[英]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated only on production server
如何使用Java解决Rally Rest api中的javax.net.ssl.SSLPeerUnverifiedException:对等体未通过身份验证的异常?
[英]How to solve javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Exception in Rally Rest api using java?
为什么我得到一个异常javax.net.ssl.SSLPeerUnverifiedException:peer未经过身份验证?
[英]Why am I getting an exception javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated?
javax.net.ssl.SSLPeerUnverifiedException:对等方未在jdk7中进行身份验证,但未在jdk8中进行身份验证
[英]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated in jdk7 but not in jdk8
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.